Core Concepts
Reference
How-to Guides
Troubleshooting
Feedback
How to achieve HIPAA compliance on Aptible
Learn how to achieve HIPAA compliance on Aptible, the leading platform for hosting HIPAA-compliant apps & databases
Overview
Aptible's story began with a focus on serving digital health companies. As a result, the Aptible platform was designed with HIPAA compliance in mind. It automates and enforces all the necessary infrastructure security and compliance controls, ensuring the safe storage and processing of HIPAA-protected health information and more.
This guide will cover the essential steps for achieving HIPAA compliance on Aptible.
HIPAA-Compliant Production Checklist
Prerequisites: An Aptible account on the Growth Plan or higher
- Provision a dedicated stack
- Dedicated stacks live on isolated infrastructure and are designed to support deploying resources with higher requirements— such as HIPAA. Aptible automates and enforces 100% of the necessary infrastructure security and compliance controls for HIPAA compliance. This includes but is not limited to:
- Network Segregation (see: stacks)
- Centralized IAM (see: access & permissions)
- Platform Activity Logging (see: activity)
- Automated Backups & Automated Backup Testing (see: database backups)
- Database Encryption at Rest (see: database encryption)
- End-to-end Encryption in Transit (see: database encryption)
- DDoS Protection (see: DDoS Protection)
- Automatic Container Recovery (see: container recovery)
- Intrusion Detection (see: HIDS)
- Host Hardening
- Secure Infrastructure Access, Development, and Testing Practices
- 24/7 Site Reliability and Incident Response
- Infrastructure Penetration Tested
- Execute a BAA with Aptible
- When you request your first dedicated stack, an Aptible team member will reach out to coordinate the execution of a Business Associate Agreement (BAA).
After these steps are taken, you are ready to process PHI! 🎉
Here are some optional steps you can take:
- Review your Security & Compliance Dashboard
- Review the controls implemented for you, enhance your security posture by implementing additional controls, and share a detailed report with your customers.
- Show off your compliance with a Secured by Aptible HIPAA compliance badge
- Set up log retention
- Set up long-term log retention with the use of a log drain. All Aptible log drain integrations offer BAAs.
This document serves as a guide and does not replace professional legal advice. For detailed compliance questions, it is recommended to consult with legal experts or Aptible's support team.